Tuesday, 10 December 2013

www.fxtraders.eu Vulnerable | Be careful

Tested on December 10, 2013


Technical Information for www.fxtraders.eu


Host IP: 93.157.96.51
Web Server: Apache/2
Powered-by: PHP/5.3.25

DB Server: MySQL >=5
Current DB: fxtraders_main


Testing Method [method rank & tools]:

I checked http://www.fxtraders.eu/ using a low-rank testing method called Google Dorking. After finding a vulnerable parameter, I followed up by testing with an SQL injection tool called Havij.

Result : 

The eng_subscribe table contains the personal data of consumers / users, including emails, password hashes, etc. Even though the passwords are stored as hashes, they can still be recovered with common decryption (cracking) tools; see the image below.


In the next test I focused only on the email and password fields; the result is that http://www.fxtraders.eu/ only has 22 members [Count(*) of fxtraders_main.eng_subscribe is 22].
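The two weaknesses reported above (a request parameter whose value ends up inside an SQL statement, and a subscriber table whose password hashes can be recovered offline from a dump) are illustrated here from the defender's side. This is an added example, not code from the post or from the site: it runs against an in-memory SQLite table with constructed sample rows, and the column names (email, pw_hash), the scrypt parameters and the three-word wordlist are assumptions, not anything observed on www.fxtraders.eu. It shows that a parameterised query treats a crafted input as plain data where string-building does not, and that a per-user salted, slow hash defeats the precomputed lookup that makes an unsalted MD5 column trivially "decryptable".

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample subscribers (not real users of the site).
SAMPLE_USERS = [
    ("alice@example.com", "correct horse battery"),
    ("bob@example.com", "hunter2"),
]

# scrypt work factors: assumed values, 16 MiB of memory per hash.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def hash_password(password, salt=None):
    """Salted, memory-hard hash. Stored as 'salt_hex$digest_hex'."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                               n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
    return hmac.compare_digest(candidate.hex(), digest_hex)


def unsalted_md5(password):
    """The weak scheme: one fixed digest per password, no salt, no cost."""
    return hashlib.md5(password.encode()).hexdigest()


def precomputed_table(wordlist):
    """A lookup table from unsalted digest back to the word that produced it.
    Built once, it answers every unsalted MD5 in a dumped table instantly;
    salted hashes never match it because each row has its own salt."""
    return {unsalted_md5(w): w for w in wordlist}


def build_db():
    """In-memory table modelled on the eng_subscribe table the post names
    (column names are assumptions)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE eng_subscribe (email TEXT PRIMARY KEY, pw_hash TEXT)")
    conn.executemany("INSERT INTO eng_subscribe VALUES (?, ?)",
                     [(e, hash_password(p)) for e, p in SAMPLE_USERS])
    return conn


def lookup_vulnerable(conn, email):
    """String-built query: the caller's input becomes part of the SQL text,
    so a tautology in the input widens the WHERE clause to every row."""
    sql = "SELECT email FROM eng_subscribe WHERE email = '" + email + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, email):
    """Parameterised query: the input is bound as a value and can only ever
    be compared against the column, never parsed as SQL."""
    sql = "SELECT email FROM eng_subscribe WHERE email = ?"
    return [row[0] for row in conn.execute(sql, (email,))]


def demo():
    """Run both comparisons and return the observations as a dict."""
    conn = build_db()
    crafted = "' OR '1'='1"   # constructed tautology input
    h1, h2 = hash_password("hunter2"), hash_password("hunter2")
    table = precomputed_table(["password", "hunter2", "letmein"])
    return {
        "vulnerable_rows": sorted(lookup_vulnerable(conn, crafted)),
        "safe_rows": lookup_safe(conn, crafted),
        "salted_hashes_differ": h1 != h2,
        "both_verify": verify_password("hunter2", h1) and verify_password("hunter2", h2),
        "md5_recovered": table.get(unsalted_md5("hunter2")),
        "scrypt_recovered": table.get(h1),
    }


if __name__ == "__main__":
    print(demo())
```

The two lookups differ only in how the email reaches the database; the parameterised form is the fix for the class of flaw the post found, independent of which tool found it. On the storage side, the point is that a hash is never "decrypted": it is matched against candidates, and an unsalted fast digest lets the attacker precompute those candidates once for every user, whereas a salted scrypt column forces a fresh, expensive computation per user and per guess.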



NOTE : 

What can a hacker do with this? People sometimes use the same password for every account, so what if http://www.fxtraders.eu/ members use the same password for their http://www.fxtraders.eu/ account and their email address? Once a hacker can access your email, they can get any important information held there, such as credit card and internet banking details.

